What are the requirements for ISO 9001?

  • Guides

If you’re not sure what is required for ISO 9001 certification, this guide will tell you exactly what you need to prepare for the Quality Management Standard.

You are best placed to understand exactly how a process or procedure should operate within your organisation. As such, ISO standards tend to require documentary evidence that such processes are in place, rather than prescribing how to implement such processes.

However, not all of the documentation discussed within the ISO 9001 framework is mandatory. This means that, while many organisations find that non-mandatory documentation helps towards implementing a Quality Management System (QMS), you may find yourself wondering what exactly is required for ISO 9001 certification.

What documents do you need for ISO 9001?

The majority of the requirements for ISO 9001 are documented records of your organisation’s activity to ensure that the proper processes are in place. Some of these documents also serve to demonstrate that the principles of quality management have been adopted in the right areas of the organisation and that your QMS is helping you reach goals that are both tangible and feasible.

Scope of the QMS

This document will outline which parts of your organisation will use this QMS. If it will be used by the entire organisation, or if it will be used by just one part or department. If the latter, this document will clearly outline which parts of your organisation will be using the QMS.

Quality Policy

The Quality Policy outlines the goals you are seeking to achieve by implementing a QMS, such as improving your ability to provide customers with quick, efficient service. The policy should also demonstrate your organisation’s commitment to any applicable requirements and a declaration that you will improve the effectiveness of your QMS where possible.

Quality Objectives and Plans for Achieving Them

Where your goals will be somewhat generic (such as “reduce the environmental impact of our operations”), your objectives will provide a more specific framework for reaching those goals. You can set quality, environmental, and health and safety objectives for your organisation as a whole, as well as for individual department or teams.

You will also need to outline how you will achieve these objectives, so your objectives need to be realistic and achievable. You’ll need to assign responsibilities, set aside resources, and develop roadmaps that are achievable.

Procedure for Control of Externally Provided Processes, Products and Services

There is little reason to work hard to maintain quality within your organisation if your suppliers undermine your efforts. This is why ISO 9001 requires an organisation to develop a procedure for controlling processes, products and services delivered to you by third parties.

Organisations will need to document the criteria for evaluation, selection, monitoring, and reevaluation of their suppliers.

Record of Maintenance and Calibration of Monitoring and Measuring Equipment

Any equipment used to monitor or measure your products and processes will need to be controlled and calibrated to recognised standards. Your organisation will need to hold records of this maintenance and calibration, demonstrating to any auditor that calibration is conducted either on a regular basis or before use.

Your record should also include details of the approved laboratory from which the calibration standard is sourced, and record that you regularly check the credentials of this laboratory.

Competence Records

Maintaining records of the training and competence levels of every member of your organisation will help you maintain your commitment to quality by ensuring that the right person is doing the right job. In addition, introducing quality management into an organisation often requires additional training of relevant employees, and recording this training will make your upskilling easier to track.

Product/Service Requirements Review Record and Record of New Requirements for Product or Service

Ensuring that your products and services are of the best quality means recording the requirements they need to meet. This includes existing requirements, as well as documenting any changes to those requirements or new requirements placed upon them.

Requirements can take a number of forms, from purchase orders to customer feedback or requests to tender. Record these requirements in a way that makes sense for your organisation and enables it to maintain the quality of its products or services.

Design and Development Inputs Record

The development of your products or services involves incorporating a number of requirements and demands (which might have been recorded in your Product/Service Requirements Review Record), as well as other needs that might not have been recorded as requirements but still need to be accounted for in their design and development. For instance, the material used to make a photocopier might not be a requirement, but it’s an important part of the design process.

These inputs should be recorded to help demonstrate that your products or services are designed with all inputs in mind.

Record of Design and Development Controls

This record needs to detail that controls over the design and development process are:

  1. Adequately defining the results you want to achieve
  2. That reviews are being appropriately executed that assess the results of design and development to meet requirements

  3. Actions that verify design and development outputs meet the input requirements

  4. Actions that check that products and services meet the requirements for the intended application and use

  5. Every opportunity that is taken to resolve problems

Design and Development Outputs Record

Design and development output is a clear description of the product or service, with detailed information for production or operation. A record of outputs will typically include drawings of a model, written instructions that describe the process of delivering the service, assembly instructions, etc. This record should also include evidence that the outputs have been verified against the inputs to ensure that they reconcile.

Record of Design and Development Changes

Any changes to your organisation’s design and development process should be documented, detailing:

  1. The changes
  2. Evaluations of the impact of the changes and the results of these evaluations
  3. The authorisation for those changes to be implemented
  4. Actions taken to prevent adverse impacts

Record of Evaluation of External Provider

As part of the procedure for controlling third party suppliers, your organisation should be regularly evaluating them. This document should contain details of when these evaluations took place, the criteria by which suppliers are judged and selected, and any results from ongoing evaluation of their performance.

Record of Product/Service Characteristics

As part of ensuring quality, a record should be kept that documents how you control the manner in which you produce products or provide services. You should seek and record evidence that your organisation has controlled the conditions by which products or services are provided, and define the characteristics of the products or services you provide.

Record of Changes on Customer’s Property

Property belonging to customers, as well as suppliers and other third party providers, should be treated as well as your own property, and records should be kept that demonstrate the level of care being shown. These records should detail the property, the owner, how and where it is stored, used, and whether it has suffered any damage whilst in the possession of your organisation.

Record of Changes in Production/Service Provision

It’s highly likely that your organisation will alter its product or services over their lifetime, but unplanned changes have the potential to derail your strategy. Recording unplanned changes can help tackle that, and you’ll need to document evidence of any changes to your products or services or your provision of them.

Your record should include evidence that you have a process in place for handling unplanned changes that:

  1. Evaluates the potential effect to work in progress or products/services already delivered
  2. Identifies control documentation that will need updating as a result of the change
  3. Documents the authorisation of the change, including responsibilities
  4. Details the source of the change and information on necessary actions and authorisations

Evidence of Product/Service Conformity

This record should demonstrate that a process is in place that monitors and verifies that the characteristics of your organisation’s products and services continue to meet requirements. It should provide evidence of conformity, as well as naming the individual(s) responsible for authorising the release of products or services.

Record of Nonconformity

Equally, your organisation needs to document any non-comformities discovered in its products or services, and the actions that are taken as a result. There should also be clear evidence as to how your organisation verifies that conformance has been achieved again following corrective action.

Your record should:

  1. Document the details of non-conformity
  2. Describe the actions taken
  3. Detail any concessions obtained
  4. Identify responsible individuals

Monitoring Performance Information

One of the strengths of ISO 9001 is its emphasis on continual improvement, which is why a key part of a QMS is a procedure to monitor its performance and effectiveness. You’ll need to have a record of these evaluations, as well as evidence that your organisation has considered what to measure, how and when, and that the outcomes from any decisions are ensuring appropriate process control.

Internal Audit Program and Results

An internal audit is a key aspect of a QMS, assessing not just the effectiveness of your QMS, but also your organisation’s overall performance. They also help to demonstrate your compliance with the processes set up as part of implementing your QMS.

This record will hold the details of a regular internal audit program, as well as the results of any issues or opportunities for improvements such audits uncover.

Management Review Results

Senior management should regularly review the QMS to make sure that it remains effective, and a record should be kept of the results of these reviews, cataloguing:

  1. Minutes from previous management reviews
  2. The policies, objectives and targets
  3. Results of audits of your management system and processes
  4. Whether objectives and numeric targets have been met.

You’re ready for ISO 9001 certification

Don’t worry, you don’t need to have prepared all of this documentation before you start working towards your certification. The first step of the certification process is a visit from one of our expert auditors, who will help you to identify any areas of your organisation that need attention, including your documentation records. That said, the more you have prepared in advance, the quicker the certification process will be!

Take our free online course to find out more about ISO 9001 and what you’ll need in order to quickly achieve your certification, or contact us today for a quote.

profile image of Mark Nutburn
Written by Mark Nutburn

CTO - technology professional with over 20 years of IT experience building bespoke CRM systems and designing customised software solutions. A key part of the management team at The British Assessment Bureau for many years and a part of AMTIVO’s management team.

Share